Appln. No. 09/693,605 
Amendment dated January 9, 2007 
Reply to Office Action dated July 14, 2006 

Amendments to the claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims; 

Claim 1 (previously presented): A computer readable medium containing a database 
structure for storage of encrypted data, the database structure comprising: 

at least one data entity encrypted by at least one encryption key, the data entity having at 

least one searchable attribute; and 
at least one encryption key identification stored in association with the data entity and 

corresponding to the encryption key. 

Claim 2 (previously presented): The computer readable medium according to claim 1 
wherein the at least one encryption key identification is encrypted by a system key, and the 
database structure further comprises a system key common name corresponding to the system key, 
the system key common name being stored in association with the data entity. 

Claim 3 (previously presented): The computer readable medium according to claim 2 
wherein the system key common name is hashed, and the database structure further comprises the 
system key common name hash value stored in association with the system key common name. 

Claim 4 (original): The computer readable medium according to claim 3 wherein the 
system key common name and the system key common name hash value are stored on a separate 
database from the at least one data entity. 

Claim 5: (original): The computer readable medium according to claim 1 wherein the at 
least one encryption key identification is encrypted by a system key. 

Claim 6 (original): The computer readable medium according to claim 1 wherein the at 
least one encryption key comprises a dynamic encryption key, and the at least one encryption key 
identification comprises a dynamic encryption key identification. 
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Claim 7 (original): The computer readable medium according to claim 1 further comprising 
a plurality of data entities encrypted by a plurality of encryption keys, and a plurality of encryption 
key identifications. 

Claim 8 (original): The computer readable medium according to claim 7 wherein the 
plurality of encryption keys comprise dynamic encryption keys, and the plurality of encryption key 
identifications comprise dynamic encryption key identifications. 

Claim 9 (original): The computer readable medium according to claim 1 wherein the data 
structure further comprises a plurality of hash values with each of the searchable attributes having a 
corresponding hash value. 

Claim 10 (original): The computer readable medium according to claim 1 wherein the data 
structure further comprises at least one integrity attribute in association with the data entity. 

Claim 1 1 (original): The computer readable medium according to claim 1 wherein the data 
structure further comprises a security key attribute of the data entity, the security key attribute 
including the at least one encryption key identification and a system key common name. 

Claim 12 (original): The computer readable medium according to claim 1 further 
comprising a first database including the data entity and encryption key identification stored 
thereon and a second database including the encryption key stored thereon. 

Claim 13 (original): The computer readable medium according to claim 12 wherein the first 
database further includes a system key common name stored thereon, and the system key common 
name corresponds to a system key used to encrypt the encryption key identification. 

Claim 14 (original): The computer readable medium according to claim 13 further 
comprising a security token including the system key stored thereon. 

Claim 15 (original): The computer readable medium according to claim 14 wherein the 
security token comprises a Smart Card reader. 
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Claim 16 (original): The computer readable medium according to claim 1 wherein the at 
least one encryption key identification is stored as an attribute of the data entity. 

Claim 17 (original): The computer readable medium according to claim 1 wherein the data 
entity comprises a data object having a plurality of attributes. 

Claim 18 (original): The computer readable medium according to claim 1 further 
comprising a second data entity including as attributes the encryption key and the encryption key 
identification. 

Claim 19 (original): The computer readable medium according to claim 18 wherein the 
second data entity is stored on a separate isolated database from the at least one data entity. 

Claim 20 (original): The computer readable medium according to claim 1 further 
comprising a second data entity encrypted by a second encryption key, the second data entity 
having a second searchable attribute, and a second encryption key identification corresponding to 
the second encryption key; and wherein the at least one encryption key comprises a first encryption 
key and the at least one encryption key identification comprises a first encryption key 
identification. 

Claim 21 (original): The computer readable medium according to claim 20 wherein the 
second encryption key identification is stored as an attribute of the second data entity. 

Claim 22 (original): The computer readable medium according to claim 20 wherein the first 
and second encryption key identifications are encrypted by a system key having a system key 
common name. 

Claim 23 (original): The computer readable medium according to claim 22 wherein the 
system key comprises a public system key. 

Claim 24 (original): The computer readable medium according to claim 22 further 
comprising the system key common name stored as an attribute of the first and second data entities. 
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Claim 25 (original): The computer readable medium according to claim 20 wherein the first 
encryption key identification is encrypted by a first system key, and the second encryption key 
identification is encrypted by a second system key. 

Claim 26 (original): The computer readable medium according to claim 20 wherein the first 
and second data entities contain information for an individual customer. 

Claim 27 (original): The computer readable medium according to claim 26 wherein the first 
data entity contains medical patient name information, and the second data entity contains medical 
patient address information. 

Claim 28 (previously presented): A computer readable data transmission medium 
containing a data structure for encrypted data, the data structure comprising: 

at least one data entity encrypted by at least one encryption key, the data entity having at 

least one searchable attribute; and 
at least one encryption key identification stored in association with the data entity and 

corresponding to the encryption key. 

Claims 29-39 (canceled). 

Claim 40 (original): A method for storage and retrieval of encrypted data, the method 
comprising: 

encrypting a data entity with an encryption key having an encryption key identification; 
storing the data entity; and 

storing the encryption key identification in association with the data entity. 

Claim 41 (original): The method according to claim 40 further comprising: 
requesting a data manipulation using a searchable attribute; 
searching for matches to the searchable attribute; 

searching for the encryption key using the encryption key identification; and 
decrypting the data entity with the encryption key. 
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Claim 42 (original): The method according to claim 41 wherein requesting the data 
manipulation comprises requesting a data update of new information, and further comprising 
encrypting the new information with a second encryption key. 

Claim 43 (original): The method according to claim 41 wherein requesting the data 
manipulation comprises requesting an addition of new information, and further comprising 
encrypting the new information with a second encryption key. 

Claim 44 (original): The method according to claim 41 wherein requesting the data 
manipulation comprises requesting viewing of current information, and further comprising 
encrypting the viewed information with a second encryption key 

Claim 45 (original): The method according to claim 40 further comprising encrypting the 
encryption key identification with a system key having a system key common name. 

Claim 46 (original): The method according to claim 45 further comprising storing the 
system key in a security token. 

Claim 47 (original): The method according to claim 45 further comprising: 

requesting a data manipulation using a searchable attribute; 

searching for matches to the searchable attribute; 

searching for the system key using the system key common name; 

decrypting the encryption key identification with the system key; 

searching for the encryption key using the encryption key identification; and 

decrypting the data entity with the encryption key. 

Claim 48 (original): The method according to claim 45 wherein encrypting the encryption 
key identification with a system key comprises encrypting the encryption key identification with a 
system public key. 

Claim 49 (original): The method according to claim 48 further comprising decrypting the 
encryption key identification with a system private key. 
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Claim 50 (original): The method according to claim 45 further comprising storing the 
system key common name in association with the data entity. 

Claim 51 (original): The method according to claim 45 further comprising checking for 
expiration of the system key, and upon expiration of the system key, discontinuing use of the 
system key and generating and using a new system key. 

Claim 52 (original): The method according to claim 5 1 further comprising upon expiration 
of the system key, retaining the system key for decrypting previously encrypted encryption key 
identifications. 

Claim 53 (previously presented): The method according to claim 40 further comprising 
encrypting the encryption key identification with a system key having a system key common name, 
hashing the system key common name to create a system key common name hash value, and 
storing the system key common name and system key common name hash value in association 
with the data entity. 

Claim 54 (previously presented): The method according to claim 53 further comprising: 
requesting a data manipulation using a searchable attribute; 
searching for matches to the searchable attribute; 

searching for the system key common name using the system key common name hash 
value; 

searching for the system key using the system key common name; 
decrypting the encryption key identification with the system key; 
searching for the encryption key using the encryption key identification; and decrypting the 
data entity with the encryption key. 

Claim 55 (original): The method according to claim 53 further comprising verifying the 
system key with a private certificate authority, and performing an integrity check on the system 
key. 
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Claim 56 (original): The method according to claim 40 further comprising checking the 
encryption key for expiration. 

Claim 57 (original): The method according to claim 56 further comprising upon expiration 
of the encryption key, generating a new encryption key having an expiration date, retrieving data 
entities using the encryption key, decrypting the retrieved data entities with the encryption key, 
encrypting the retrieved data entities with the new encryption key, storing the retrieved data 
entities. 

Claim 58 (previously presented): The method according to claim 40 further comprising 
hashing searchable attributes of the data entity to determine data entity attribute hash values and 
storing the data entity attribute hash values in association with the data entity. 

Claim 59 (original): The method according to claim 58 further comprising: 

requesting a data manipulation using a searchable attribute; 

hashing the searchable attribute to create a searchable attribute hash value; 

searching for matches to the searchable attribute hash value; 

searching for the encryption key using the encryption key identification; and 

after retrieving the encryption key, decrypting the data entity with the encryption key. 

Claim 60 (original): The method according to claim 40 further comprising transmitting the 
data entity over a data transmission line, and wherein encrypting the data entity comprises 
encrypting only a portion of the data entity in accordance with a business rule. 

Claim 61 (original): The method according to claim 40 further comprising generating a new 
encryption key for each user session. 

Claim 62 (original): The method according to claim 40 further comprising generating a new 
encryption key for each user action. 

Claim 63 (original): The method according to claim 40 further comprising retrieving the 
encryption key from a separate database, and decrypting the data entity with the encryption key. 
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Claim 64 (original): The method according to claim 40 further comprising auditing the 
encryption key for a desired event. 

Claim 65 (original): The method according to claim 40 wherein the data entity and 
encryption key identification are stored in a first database, and further comprising storing the 
encryption key in a second database. 

Claim 66 (original): The method according to claim 40 further comprising encrypting the 
encryption key identification with a system key having a system key common name, and 
maintaining the system key within a security domain at all times. 

Claim 67 (original): The method according to claim 40 further comprising: 

requesting a data manipulation using a searchable attribute; 

searching for matches to the searchable attribute; 

searching for the encryption key using the encryption key identification; 

performing an integrity check on the encryption key; and 

decrypting the data entity with the encryption key. 

Claim 68 (original): A method for retrieval of encrypted data at rest, the method 
comprising: 

requesting a data manipulation using a searchable attribute; 
searching a plurality of data entities for matches to the searchable attribute; 
obtaining an encryption key identification from the data entities; 
searching for an encryption key using the encryption key identification; and 
decrypting the data entities with the encryption key. 

Claim 69 (previously presented): The method according to claim 68 further comprising: 
obtaining a system key common name from the data entities; 
searching for a system key using the system key common name; 
decrypting the encryption key identification with the system key. 
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Claim 70 (original): A method for storage and retrieval of encrypted data, the method 
comprising: 

encrypting a plurality of data entities with a rotating and dynamic encryption key having an 

encryption key identification; 
storing the data entities; and 

creating and rotating to a new encryption key upon occurrence of a desired rotation event. 
Claim 71-97 (canceled). 

Claim 98 (original): A method of providing a secure environment for the storage of 
information, the method comprising: 

encrypting a data entity with an encryption key having a randomly generated encryption 

key identification; 
storing the data entity; and 

storing the encryption key identification in association with the data entity. 

Claim 99 (original): The method according to claim 98 further comprising encrypting the 
encryption key identification with a system key having a system key common name. 

Claims 100-120 (canceled). 
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